Cyber Security Headlines – Podcast Summary

Episode: Windows RemoteApp problems, ferry malware arrest, Senator's open-source warning
Host: Steve Prentiss
Date: December 19, 2025

Episode Overview

This episode delivers a rapid roundup of key developments in cybersecurity, including breaking software issues, alarming security breaches in transportation and health care, pressing concerns over open-source software, warnings about new cyber vulnerabilities, and notable threat intelligence findings. For security professionals and interested listeners, it’s a quick but comprehensive scan of today’s cybersecurity landscape.

Key Discussion Points & Insights

1. Windows RemoteApp Connection Failures

[00:07–01:47]

Recent Microsoft updates are causing failures in Windows RemoteApp, especially for enterprise users employing Azure Virtual Desktop.
Issue originated from the November 2025 non-security update and affects Windows 11 (24H2 & 25H2) and Windows Server 2025.
Home and Pro users are not impacted; only enterprise deployments are affected.
No timeline for a permanent fix has been issued.

Quote:
"Remote App enables users to stream individual Windows applications from the cloud without loading an entire virtual desktop, making them run like local and native applications."
— Steve Prentiss, [00:39]

2. Ferry Crew Arrested Over Malware Installation

[01:47–03:04]

Two crew members (Bulgarian and Latvian) on an Italian passenger ferry arrested in France after discovery of malware intended to allow remote control of the vessel.
Bulgarian released; Latvian remains detained, suspected of conspiring to infiltrate systems for a foreign power.
The incident was detected by the shipping company in the port of Cette, southern France.

Quote:
"French authorities have arrested two crew members working on an Italian passenger ferry ... suspected of infecting the ship with malware that could have enabled them to remotely control the vessel."
— Steve Prentiss, [01:49]

3. US Senate Warns of Open-Source Software Risks

[03:04–03:54]

Senate Intelligence Committee Chairman Tom Cotton urges National Cyber Director to address risks of foreign actors contributing to open-source software used in sensitive systems.
Cites recent cases, including compromised beta version of Xcel Utils and a Russia-based sole maintainer for software in Defense Department packages.

Quote:
"Threat actors assume that contributors are benevolent so they can insert malicious code into widely used open source codebases."
— Steve Prentiss summarizing Tom Cotton, [03:24]

4. Chinese Zero-Day Exploit Targets Cisco Email Security

[03:54–04:32]

Chinese threat actors exploiting a zero-day (CVSS 10) in Cisco Secure Email Gateway and Web Manager with Async OS since late November.
Vulnerable if certain ports are exposed to the Internet.
Attribution based on forensic analysis of tools and infrastructure.

Quote:
"Chinese hackers have been exploiting this since late November, the company said on Wednesday."
— Steve Prentiss, [04:12]

5. UK's DXS International Breach – NHS Tech Supplier

[05:15–05:57]

DXS International, serving NHS with decision support and referral management, discloses breach on internal servers (detected December 14).
Clinical services remain operational; unknown if patient data is compromised.
Incident reported to ICO. DXS serves about 10% of NHS referrals in England.

6. DIG AI – Darknet AI Assistant Surge

[05:57–06:32]

Fourth quarter sees rise in DIG AI usage, an uncensored AI tool on Tor providing criminal guidance from explosives to illegal content.
Surge aligns with upcoming Winter Olympics in Milan and FIFA World Cup.

Quote:
"Because DIG AI is hosted on the Tor network, these tools are difficult for law enforcement to find, which has resulted in a significant underground market."
— Steve Prentiss, [06:12]

7. CISA Flags ASUS Live Update Vulnerability

[06:32–07:01]

CISA adds actively exploited ASUS Live Update vulnerability (CVSS 9.3) to KEV catalog.
Compromise introduced via supply chain attack; certain client versions shipped with embedded malicious code.
Flaw enables attackers to perform unintended actions.

8. Password Spraying Attacks on Popular VPN Gateways

[07:01–07:48]

Automated attacks target Palo Alto Networks GlobalProtect and Cisco SSL VPN gateways, leveraging common credentials.
Over 10,000 IPs involved, attacks centered in US, Mexico, Pakistan, mainly from 3xk Germany IP space.
Differentiated from December 12 attack by same actor.
Graynoise identifies traffic and methodology as "reuse of common username and password combinations".

Notable Quotes & Moments

"Remote App enables users to stream individual Windows applications from the cloud..." — [00:39]
"French authorities have arrested two crew members..." — [01:49]
"Threat actors assume that contributors are benevolent..." — [03:24]
"Chinese hackers have been exploiting this since late November..." — [04:12]
"Because DIG AI is hosted on the Tor network, these tools are difficult for law enforcement to find..." — [06:12]
"In this particular attack, the researchers stated that the threat actor reused common username and password combinations." — [07:31]

Important Timestamps

00:07 – Windows RemoteApp failures in Azure Virtual Desktop
01:47 – Italian ferry crew arrested for onboard malware
03:04 – Senate open-source software warning
03:54 – Cisco Email Security Zero-Day exploited by Chinese actors
05:15 – UK’s DXS International breach impacting NHS
05:57 – Surge in DIG AI use on darknet
06:32 – CISA adds ASUS Live Update flaw to KEV catalog
07:01 – Password spraying attacks on major VPN services

Tone & Style

The episode presents information in a succinct, informative, and authoritative manner, keeping language clear and direct. The tone is urgent and focused, matching the seriousness of the news items without leaning into hype or speculation.

Conclusion

This episode offers a fast-paced yet in-depth scan of crucial threats and trends in cybersecurity as of December 19, 2025. Listeners receive actionable information on breaking vulnerabilities, novel attack methods, and shifting regulatory attention—essential intelligence for IT and security professionals.

Cyber Security Headlines – Podcast Summary

Episode: Windows RemoteApp problems, ferry malware arrest, Senator's open-source warning
Host: Steve Prentiss
Date: December 19, 2025

Episode Overview

Key Discussion Points & Insights

1. Windows RemoteApp Connection Failures

[00:07–01:47]

Recent Microsoft updates are causing failures in Windows RemoteApp, especially for enterprise users employing Azure Virtual Desktop.
Issue originated from the November 2025 non-security update and affects Windows 11 (24H2 & 25H2) and Windows Server 2025.
Home and Pro users are not impacted; only enterprise deployments are affected.
No timeline for a permanent fix has been issued.

Quote:
"Remote App enables users to stream individual Windows applications from the cloud without loading an entire virtual desktop, making them run like local and native applications."
— Steve Prentiss, [00:39]

2. Ferry Crew Arrested Over Malware Installation

[01:47–03:04]

Two crew members (Bulgarian and Latvian) on an Italian passenger ferry arrested in France after discovery of malware intended to allow remote control of the vessel.
Bulgarian released; Latvian remains detained, suspected of conspiring to infiltrate systems for a foreign power.
The incident was detected by the shipping company in the port of Cette, southern France.

Quote:
"French authorities have arrested two crew members working on an Italian passenger ferry ... suspected of infecting the ship with malware that could have enabled them to remotely control the vessel."
— Steve Prentiss, [01:49]

3. US Senate Warns of Open-Source Software Risks

[03:04–03:54]

Senate Intelligence Committee Chairman Tom Cotton urges National Cyber Director to address risks of foreign actors contributing to open-source software used in sensitive systems.
Cites recent cases, including compromised beta version of Xcel Utils and a Russia-based sole maintainer for software in Defense Department packages.

Quote:
"Threat actors assume that contributors are benevolent so they can insert malicious code into widely used open source codebases."
— Steve Prentiss summarizing Tom Cotton, [03:24]

4. Chinese Zero-Day Exploit Targets Cisco Email Security

[03:54–04:32]

Chinese threat actors exploiting a zero-day (CVSS 10) in Cisco Secure Email Gateway and Web Manager with Async OS since late November.
Vulnerable if certain ports are exposed to the Internet.
Attribution based on forensic analysis of tools and infrastructure.

Quote:
"Chinese hackers have been exploiting this since late November, the company said on Wednesday."
— Steve Prentiss, [04:12]

5. UK's DXS International Breach – NHS Tech Supplier

[05:15–05:57]

DXS International, serving NHS with decision support and referral management, discloses breach on internal servers (detected December 14).
Clinical services remain operational; unknown if patient data is compromised.
Incident reported to ICO. DXS serves about 10% of NHS referrals in England.

6. DIG AI – Darknet AI Assistant Surge

[05:57–06:32]

Fourth quarter sees rise in DIG AI usage, an uncensored AI tool on Tor providing criminal guidance from explosives to illegal content.
Surge aligns with upcoming Winter Olympics in Milan and FIFA World Cup.

Quote:
"Because DIG AI is hosted on the Tor network, these tools are difficult for law enforcement to find, which has resulted in a significant underground market."
— Steve Prentiss, [06:12]

7. CISA Flags ASUS Live Update Vulnerability

[06:32–07:01]

CISA adds actively exploited ASUS Live Update vulnerability (CVSS 9.3) to KEV catalog.
Compromise introduced via supply chain attack; certain client versions shipped with embedded malicious code.
Flaw enables attackers to perform unintended actions.

8. Password Spraying Attacks on Popular VPN Gateways

[07:01–07:48]

Automated attacks target Palo Alto Networks GlobalProtect and Cisco SSL VPN gateways, leveraging common credentials.
Over 10,000 IPs involved, attacks centered in US, Mexico, Pakistan, mainly from 3xk Germany IP space.
Differentiated from December 12 attack by same actor.
Graynoise identifies traffic and methodology as "reuse of common username and password combinations".

Notable Quotes & Moments

"Remote App enables users to stream individual Windows applications from the cloud..." — [00:39]
"French authorities have arrested two crew members..." — [01:49]
"Threat actors assume that contributors are benevolent..." — [03:24]
"Chinese hackers have been exploiting this since late November..." — [04:12]
"Because DIG AI is hosted on the Tor network, these tools are difficult for law enforcement to find..." — [06:12]
"In this particular attack, the researchers stated that the threat actor reused common username and password combinations." — [07:31]

Important Timestamps

00:07 – Windows RemoteApp failures in Azure Virtual Desktop
01:47 – Italian ferry crew arrested for onboard malware
03:04 – Senate open-source software warning
03:54 – Cisco Email Security Zero-Day exploited by Chinese actors
05:15 – UK’s DXS International breach impacting NHS
05:57 – Surge in DIG AI use on darknet
06:32 – CISA adds ASUS Live Update flaw to KEV catalog
07:01 – Password spraying attacks on major VPN services

wavePod

Windows RemoteApp problems, ferry malware arrest, Senator's open-source warning

Powered by Wave AI

Summary

Cyber Security Headlines – Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. Windows RemoteApp Connection Failures

2. Ferry Crew Arrested Over Malware Installation

3. US Senate Warns of Open-Source Software Risks

4. Chinese Zero-Day Exploit Targets Cisco Email Security

5. UK's DXS International Breach – NHS Tech Supplier

6. DIG AI – Darknet AI Assistant Surge

7. CISA Flags ASUS Live Update Vulnerability

8. Password Spraying Attacks on Popular VPN Gateways

Notable Quotes & Moments

Important Timestamps

Tone & Style

Conclusion

Summary

Cyber Security Headlines – Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. Windows RemoteApp Connection Failures

2. Ferry Crew Arrested Over Malware Installation

3. US Senate Warns of Open-Source Software Risks

4. Chinese Zero-Day Exploit Targets Cisco Email Security

5. UK's DXS International Breach – NHS Tech Supplier

6. DIG AI – Darknet AI Assistant Surge

7. CISA Flags ASUS Live Update Vulnerability

8. Password Spraying Attacks on Popular VPN Gateways

Notable Quotes & Moments

Important Timestamps

Tone & Style

Conclusion